testing: reliablly fetch gpg keys

fixes GoogleCloudPlatform#4162

.kokoro/docker/Dockerfile

@@ -94,19 +94,12 @@ RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
   && rm -rf /var/lib/apt/lists/* \
   && rm -f /var/cache/apt/archives/*.deb
 
+COPY fetch_gpg_keys.sh /tmp
 # Install the desired versions of Python.
 RUN set -ex \
     && export GNUPGHOME="$(mktemp -d)" \
     && echo "disable-ipv6" >> "${GNUPGHOME}/dirmngr.conf" \
-    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \
-      # 2.7.17 (Benjamin Peterson)
-      C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF \
-      # 3.4.10, 3.5.9 (Larry Hastings)
-      97FC712E4C024BBEA48A61ED3A5CA953F73C700D \
-      # 3.6.9, 3.7.5 (Ned Deily)
-      0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D \
-      # 3.8.0 (Łukasz Langa)
-      E3FF2839C048B25C084DEBE9B26995E310250568 \
+    && /tmp/fetch_gpg_keys.sh \
     && for PYTHON_VERSION in 2.7.18 3.6.10 3.7.7 3.8.3; do \
         wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
         && wget --no-check-certificate -O python-${PYTHON_VERSION}.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \

.kokoro/docker/fetch_gpg_keys.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A script to fetch gpg keys with retry.
+
+function retry {
+    if [[ "${#}" -le 1 ]]; then
+	echo "Usage: ${0} retry_count commands.."
+	exit 1
+    fi
+    local retries=${1}
+    local command="${@:2}"
+    until [[ "${retries}" -le 0 ]]; do
+	$command && return 0
+	if [[ $? -ne 0 ]]; then
+	    echo "command failed, retrying"
+	    ((retries--))
+	fi
+    done
+    return 1
+}
+
+# 2.7.17 (Benjamin Peterson)
+retry 3 gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \
+      C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
+
+# 3.4.10, 3.5.9 (Larry Hastings)
+retry 3 gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \
+      97FC712E4C024BBEA48A61ED3A5CA953F73C700D
+
+# 3.6.9, 3.7.5 (Ned Deily)
+retry 3 gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \
+      0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
+
+# 3.8.0 (Łukasz Langa)
+retry 3 gpg --keyserver ha.pool.sks-keyservers.net --recv-keys \
+      E3FF2839C048B25C084DEBE9B26995E310250568

.kokoro/trampoline_v2.sh

@@ -120,15 +120,16 @@ PROGRAM_PATH="$(realpath "$0")"
 PROGRAM_DIR="$(dirname "${PROGRAM_PATH}")"
 PROJECT_ROOT="$(repo_root "${PROGRAM_DIR}")"
 
-RUNNING_IN_CI="false"
-TRAMPOLINE_V2="true"
+RUNNING_IN_CI="${RUNNING_IN_CI:-false}"
+TRAMPOLINE_VERSION="2.0.0"
 
 # The workspace in the container, defaults to /workspace.
 TRAMPOLINE_WORKSPACE="${TRAMPOLINE_WORKSPACE:-/workspace}"
 
-# If it's running on Kokoro, RUNNING_IN_CI will be true and
-# TRAMPOLINE_CI is set to 'kokoro'. Both envvars will be passing down
-# to the container for telling which CI system we're in.
+# Detect which CI systems we're in. If we're in any of the CI systems
+# we support, `RUNNING_IN_CI` will be true and `TRAMPOLINE_CI` will be
+# the name of the CI system. Both envvars will be passing down to the
+# container for telling which CI system we're in.
 if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
     # descriptive env var for indicating it's on CI.
     RUNNING_IN_CI="true"
@@ -137,6 +138,9 @@ if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
     log_yellow "Configuring Container Registry access"
     gcloud auth list
     gcloud auth configure-docker --quiet
+elif [[ "${TRAVIS:-}" == "true" ]]; then
+    RUNNING_IN_CI="true"
+    TRAMPOLINE_CI="travis"
 fi
 
 # Configure the service account for pulling the docker image.
@@ -171,8 +175,8 @@ pass_down_envvars=(
     "RUNNING_IN_CI"
     # Indicates which CI system we're in.
     "TRAMPOLINE_CI"
-    # Indicates we're running trampoline_v2.
-    "TRAMPOLINE_V2"
+    # Indicates the version of the script.
+    "TRAMPOLINE_VERSION"
     # KOKORO dynamic variables.
     "KOKORO_BUILD_NUMBER"
     "KOKORO_BUILD_ID"
@@ -249,12 +253,28 @@ if [[ "${TRAMPOLINE_DOCKERFILE:-none}" != "none" ]]; then
     if [[ "${TRAMPOLINE_SHOW_COMMAND:-false}" == "true" ]]; then
 	echo "docker build" "${docker_build_flags[@]}" "${context_dir}"
     fi
-    if docker build "${docker_build_flags[@]}" "${context_dir}"; then
-	log_green "Finished building the docker image."
-	update_cache="true"
+
+    # ON CI systems, we want to suppress docker build logs, only
+    # output the logs when it fails.
+    if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
+	if docker build "${docker_build_flags[@]}" "${context_dir}" \
+		  > "${tmpdir}/docker_build.log" 2>&1; then
+	    log_green "Finished building the docker image."
+	    update_cache="true"
+	else
+	    log_red "Failed to build the Docker image, aborting."
+	    log_yellow "Dumping the build logs:"
+	    cat "${tmpdir}/docker_build.log"
+	    exit 1
+	fi
     else
-	log_red "Failed to build the Docker image. Aborting."
-	exit 1
+	if docker build "${docker_build_flags[@]}" "${context_dir}"; then
+	    log_green "Finished building the docker image."
+	    update_cache="true"
+	else
+	    log_red "Failed to build the Docker image, aborting."
+	    exit 1
+	fi
     fi
 else
     if [[ "${has_cache}" != "true" ]]; then